Activity log for bug #1929179

| Date | Who | What changed | Old value | New value | Message |
|---|---|---|---|---|---|
| 2021-05-21 09:04:55 | James Page | bug | | | added bug |
| 2021-05-21 09:05:03 | James Page | nominated for series | | Ubuntu Groovy | |
| 2021-05-21 09:05:03 | James Page | bug task added | | ceph (Ubuntu Groovy) | |
| 2021-05-21 09:05:03 | James Page | nominated for series | | Ubuntu Focal | |
| 2021-05-21 09:05:03 | James Page | bug task added | | ceph (Ubuntu Focal) | |
| 2021-05-21 09:05:10 | James Page | ceph (Ubuntu Focal): status | New | Triaged | |
| 2021-05-21 09:05:12 | James Page | ceph (Ubuntu Groovy): status | New | Triaged | |
| 2021-05-21 09:05:15 | James Page | ceph (Ubuntu): status | New | Invalid | |
| 2021-05-21 09:05:22 | James Page | ceph (Ubuntu Groovy): importance | Undecided | High | |
| 2021-05-21 09:05:25 | James Page | ceph (Ubuntu Focal): importance | Undecided | High | |
| 2021-05-21 09:05:56 | James Page | cve linked | | 2021-3509 | |
| 2021-05-21 09:06:13 | James Page | cve linked | | 2021-3531 | |
| 2021-05-21 09:06:24 | James Page | cve linked | | 2021-3524 | |
| 2021-05-21 09:06:57 | James Page | description | TBC | Upstream release announcement: V15.2.12 OCTOPUS This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release. CHANGELOG mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar) mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard XSS via token cookie, Ernesto Puerta) rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531: Swift API denial of service, Felix Huettner) rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524: HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley) | |
| 2021-05-21 09:07:20 | James Page | description | Upstream release announcement: V15.2.12 OCTOPUS This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release. CHANGELOG mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar) mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard XSS via token cookie, Ernesto Puerta) rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531: Swift API denial of service, Felix Huettner) rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524: HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley) | [Impact] This release fixes several bugs. We would like to make sure all of our users have access to these improvements. The update contains the following package updates: * ceph 15.2.11 [Test Case] The following SRU process was followed: https://wiki.ubuntu.com/OpenStackUpdates In order to avoid regression of existing users, the OpenStack team will run their continuous integration test against the packages that are in -proposed. A successful run of all available tests will be required before the proposed packages can be let into -updates. The OpenStack team will be in charge of attaching the output summary of the executed tests. The OpenStack team members will not mark ‘verification-done’ until this has happened. [Regression Potential] In order to mitigate the regression potential, the results of the aforementioned tests are attached to this bug. [Upstream release announcement] V15.2.12 OCTOPUS This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release. CHANGELOG mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar) mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard XSS via token cookie, Ernesto Puerta) rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531: Swift API denial of service, Felix Huettner) rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524: HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley) | |
| 2021-05-21 09:07:25 | James Page | description | [Impact] This release fixes several bugs. We would like to make sure all of our users have access to these improvements. The update contains the following package updates: * ceph 15.2.11 [Test Case] The following SRU process was followed: https://wiki.ubuntu.com/OpenStackUpdates In order to avoid regression of existing users, the OpenStack team will run their continuous integration test against the packages that are in -proposed. A successful run of all available tests will be required before the proposed packages can be let into -updates. The OpenStack team will be in charge of attaching the output summary of the executed tests. The OpenStack team members will not mark ‘verification-done’ until this has happened. [Regression Potential] In order to mitigate the regression potential, the results of the aforementioned tests are attached to this bug. [Upstream release announcement] V15.2.12 OCTOPUS This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release. CHANGELOG mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar) mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard XSS via token cookie, Ernesto Puerta) rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531: Swift API denial of service, Felix Huettner) rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524: HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley) | [Impact] This release fixes several bugs. We would like to make sure all of our users have access to these improvements. The update contains the following package updates: * ceph 15.2.12 [Test Case] The following SRU process was followed: https://wiki.ubuntu.com/OpenStackUpdates In order to avoid regression of existing users, the OpenStack team will run their continuous integration test against the packages that are in -proposed. A successful run of all available tests will be required before the proposed packages can be let into -updates. The OpenStack team will be in charge of attaching the output summary of the executed tests. The OpenStack team members will not mark ‘verification-done’ until this has happened. [Regression Potential] In order to mitigate the regression potential, the results of the aforementioned tests are attached to this bug. [Upstream release announcement] V15.2.12 OCTOPUS This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release. CHANGELOG mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar) mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard XSS via token cookie, Ernesto Puerta) rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531: Swift API denial of service, Felix Huettner) rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524: HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley) | |
| 2021-05-21 09:07:41 | James Page | bug | | | added subscriber Ubuntu Stable Release Updates Team |
| 2021-05-21 09:08:16 | James Page | bug task added | | cloud-archive | |
| 2021-05-21 09:08:25 | James Page | nominated for series | | cloud-archive/ussuri | |
| 2021-05-21 09:08:25 | James Page | bug task added | | cloud-archive/ussuri | |
| 2021-05-21 09:08:31 | James Page | cloud-archive: status | New | Invalid | |
| 2021-05-21 09:08:34 | James Page | cloud-archive/ussuri: status | New | Triaged | |
| 2021-05-21 09:08:36 | James Page | cloud-archive/ussuri: importance | Undecided | High | |
| 2021-06-24 20:13:39 | Steve Beattie | ceph (Ubuntu Focal): assignee | | Steve Beattie (sbeattie) | |
| 2021-06-24 20:13:41 | Steve Beattie | ceph (Ubuntu Groovy): assignee | | Steve Beattie (sbeattie) | |
| 2021-06-24 23:45:42 | Launchpad Janitor | ceph (Ubuntu Groovy): status | Triaged | Fix Released | |
| 2021-06-24 23:45:44 | Launchpad Janitor | ceph (Ubuntu Focal): status | Triaged | Fix Released | |
| 2021-06-28 08:36:40 | James Page | cloud-archive/ussuri: status | Triaged | Fix Committed | |
| 2021-06-28 08:36:41 | James Page | tags | | verification-ussuri-needed | |
| 2021-07-06 12:49:49 | James Page | tags | verification-ussuri-needed | verification-ussuri-done | |
| 2021-07-06 12:51:56 | James Page | cloud-archive/ussuri: status | Fix Committed | Fix Released | |
| 2021-10-11 13:53:01 | Frank Villaro | bug | | | added subscriber Frank Villaro |